Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
Building secure file systems out of byzantine storage
Proceedings of the twenty-first annual symposium on Principles of distributed computing
Deployme: Tellme's Package Management and Deployment System
LISA '00 Proceedings of the 14th USENIX conference on System administration
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Self-signed executables: restricting replacement of program binaries by malware
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
System configuration as a privilege
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Survivable key compromise in software update systems
Proceedings of the 17th ACM conference on Computer and communications security
A control point for reducing root abuse of file-system privileges
Proceedings of the 17th ACM conference on Computer and communications security
System security, platform security and usability
Proceedings of the fifth ACM workshop on Scalable trusted computing
| Hi-index | 0.00 |
This work studies the security of ten popular package managers. These package managers use different security mechanisms that provide varying levels of usability and resilience to attack. We find that, despite their existing security mechanisms, all of these package managers have vulnerabilities that can be exploited by a man-in-the-middle or a malicious mirror. While all current package managers suffer from vulnerabilities, their security is also positively or negatively impacted by the distribution's security practices. Weaknesses in package managers are more easily exploited when distributions use third-party mirrors as official mirrors. We were successful in using false credentials to obtain an official mirror on all five of the distributions we attempted. We also found that some security mechanisms that control where a client obtains metadata and packages from may actually decrease security. We analyze current package managers to show that by exploiting vulnerabilities, an attacker with a mirror can compromise or crash hundreds to thousands of clients weekly. The problems we disclose are now being corrected by many different package manager maintainers.